Mobile Apps: Owner’s Pride, Hacker’s Gain

Did you know that a mobile application has, on average, 9 vulnerabilities? Multiply that by the average number of installed applications (26.2) and you end up with an average of 235.8 vulnerabilities. In simple words, there are 235.8 ways for hackers to get inside your phone. Scary, huh? Hackers can get into your mobile…

Vulnerability Assessment – Automated v/s Manual Testing

We all know that there are 3 distinct pillars of software testing – functional testing, security testing and performance testing. There are multiple tools out there to make a tester’s life easy. While these automations are important, there are a few lacunae that a tester should be aware of, and this is especially true in case…

Why Hackers Like The Healthcare Industries

To the question in the title: if I were a hacker, I would ask myself, “why not?” It’s simple, really. Hackers always go for data which they can either use for themselves or sell to earn money. PHI (Personal Health Information) or the EHR (Electronic Health Records) data is that form of electronic…

Learnings From The Cyber Attacks on Banking Industry

The year 2018 was full of cyber-attacks, and the most serious news was about well-orchestrated cyber-attacks on the banking industry. No matter how much awareness is generated, the banking industry unfortunately seems to wake up only upon hearing about an attack and becomes sluggish on cyber security. While providing consultancy to many banks, in different geographical…

How To Select Your ISO 27001 Implementation Partner

When choosing an ISO27001 consultant or implementation partner, companies usually do not know the basis on which they should select the right vendor. Due to a lack of adequate awareness, organisations commonly select an ISO27001 consulting company purely based on cost. Typical mistakes in implementing ISO27001 Compliance All those who are…

Considering ISO27001 for IoT Security Readiness

Manufacturing companies are heading towards IoT (Internet of Things) at a fast pace. While most of the companies are focused on automating their production processes, they seem to be losing focus on one key element – information security. This article gives a brief on the typical challenges in IoT Security Readiness and how ISO27001 can help in the…

IOT Vulnerability Assessment using Raspberry Pi2

IOT Vulnerability Assessment and Penetration Testing IoT is a buzzword in many business industries, and it is also becoming one of the most important trends in the history of the software industry. IoT devices are physical objects that connect wirelessly to a network and have the ability to transmit data. They are equipped with the sensors…

ISO 27017 & ISO 27018 Compliance Documentation

Cloud services offer great scalability and flexibility. However, for a company, the adoption of cloud services is challenging as it raises concerns about security. Even if it is ISO 27001 certified, a company that uses or provides cloud-based services must see what the ISO standards for Cloud Computing have in store for…

SQL Injection Attack Via ORM Sink

Test cases for SQL Injection via ORM Sink What is an SQL injection? SQL injection (SQLi) is a major weakness, one of the top OWASP application security weaknesses, that allows attackers/hackers to inject into and gain control of an application’s database, letting them access or delete data, change an application’s data-driven behaviour or flow, and do…